YADIS as an abstraction layer

Granqvist, Hans hgranqvist at verisign.com
Tue Nov 1 14:01:02 PST 2005


> Most human-readable things on the web are HTML. People are familiar with
> HTML. There are lots of people that can write HTML but don't even know
> what HTTP headers are, let alone how to change them.
> . . .
> Sure, it's not ideal from a technological perspective, but
> pie-in-the-sky pure implementations that don't pay any mind to current
> realities rarely get very far.

Oh, I agree with this. Most of it.

The reliance on HTML should be made explicit somehow . . .  People don't 
break protocols. Implicit dependencies break protocols. ;)
 
Perhaps: the requested format of the response is part of the request, a la 
"format=xyz" param/value, where HTML is the default value, or similar.

>> Secondly, about the capability description document: It seems risky to
>> have identity leaking through (a username can tell a lot -- and quite a
>> few people base passwords on the username too). I think there is a real
>> risk here.
>
> This is an intriguing observation. I'm a little taken aback by it since
> people share usernames all the time. Do you have a solution in mind?

Not as such. I just happened to see plaintext usernames in the response
and thought about the old "i_hate_xyz" username problem.

I'll have to think further about what it all means.

Hans